Commit 0e0caf7c authored by Daniel Stenberg's avatar Daniel Stenberg

CURLE_SSL_INSECURE is removed again and so is CURLOPT_SSL_INSECURE, we

proceed fine with the already existing options, just having a different
internal library default for capath.
parent 5644f4a2
+14 −5
@@ -6,15 +6,24 @@

                                  Changelog

Daniel (30 Aug 2002)
- Applied an anonymous SOCKS5-proxy patch. Not properly working in all
  situations though, as all getaddrinfo()-using libcurls will fail on this.

- Fixed up the SSL cert fixes from the other day even more after more inputs
  from Cris. Added three new error codes to make the CURLE_SSL_CONNECT_ERROR
  slightly less overloaded.

Daniel (27 Aug 2002)
- After lots of talk with Tom Zerucha, Nick Gimbrone and Cris Bailiff I
  decided to talk the bold path and I now introduced the CURLOPT_SSL_INSECURE
  option that needs to be set to TRUE to allow libcurl to connect to SSL sites
  without using a CA certificate to verify it with.
  decided to talk the bold path and I now made libcurl do CA certificate
  verification by default. Thus library users need to explicitly turn this off
  if you want to connect to sites without proper checking. We also install a
  CA cert bundle on 'make install' now.

  The curl tool similarly requires the -k/--insecure optin in order to allow
  The curl tool now requires the -k/--insecure option in order to allow
  connections and operations on SSL sites that aren't properly verified with
  -cafile or --capath
  -cafile or --capath.

Daniel (26 Aug 2002)
- Andrew Francis cleaned up some code that now compiles fine without the need
+1 −1
@@ -710,7 +710,7 @@ if test "x$ca" = "xno"; then
  dnl let's not keep "no" as path name, blank it instead
  ca=""
else
  AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, $ca, [CA bundle full path name])
  AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [CA bundle full path name])
fi

CURL_CA_BUNDLE="$ca"
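Review bot: Nothing visible in this hunk checks that `$ca` is an absolute path before it is compiled into `CURL_CA_BUNDLE` as the library's default CA bundle. A relative value would presumably be resolved against the working directory of whatever process loads libcurl, so the trust anchors used for verification would depend on where the program is started. A guard ahead of the define, for example `case "$ca" in /*) ;; *) AC_MSG_ERROR([CA bundle path must be absolute]) ;; esac`, would turn that into a configure-time error. The enclosing `if` begins outside the hunk, so an earlier check may already exist there.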
+5 −6
@@ -197,8 +197,10 @@ typedef enum {
  CURLE_SEND_ERROR,              /* 55 - failed sending network data */
  CURLE_RECV_ERROR,              /* 56 - failure in receiving network data */
  CURLE_SHARE_IN_USE,            /* 57 - share is in use */
  CURLE_SSL_INSECURE,            /* 58 - connect attempt without certificate
                                    but SSL_INSECURE not explicitly allowed */
  CURLE_SSL_CERTPROBLEM,         /* 58 - problem with the local certificate */
  CURLE_SSL_CIPHER,              /* 59 - couldn't use specified cipher */
  CURLE_SSL_CACERT,              /* 60 - problem with the CA cert (path?) */

  CURL_LAST /* never use! */
} CURLcode;

@@ -579,12 +581,9 @@ typedef enum {
  /* Provide a CURLShare for mutexing non-ts data */
  CINIT(SHARE, OBJECTPOINT, 100),

  /* Explicitly allow insecure SSL connects */
  CINIT(SSL_INSECURE, LONG, 101),

  /* indicates type of proxy. accepted values are CURLPROXY_HTTP (default),
     CURLPROXY_SOCKS4 and CURLPROXY_SOCKS5. */
  CINIT(PROXYTYPE, LONG, 102), 
  CINIT(PROXYTYPE, LONG, 101),

  CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
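Review bot: The numbers freed by the removed entries are reused immediately: 58 now means `CURLE_SSL_CERTPROBLEM`, and `CURLOPT_PROXYTYPE` moves from 102 to 101, the value `CURLOPT_SSL_INSECURE` had. That is harmless only if no header with the old assignments ever reached users, which the commit message's "removed again" suggests but the diff cannot show. Otherwise a program built against the old header that sets option 101 to allow unverified connections would be setting the proxy type when run against this library, and a caller checking for 58 would misread a local-certificate failure. If the old values did ship anywhere, keep 101 retired and leave `PROXYTYPE` at 102; if they did not, a short comment beside `CINIT(PROXYTYPE, LONG, 101)` saying 101 was never released under another name would save later readers the question. Both enums start outside the hunks shown.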
+1 −0
@@ -72,5 +72,6 @@ $(srcdir)/getdate.c: getdate.y

install-data-hook:
	@if test -n "@CURL_CA_BUNDLE@"; then \
	  $(mkinstalldirs) `dirname $(DESTDIR)@CURL_CA_BUNDLE@`; \
	  @INSTALL_DATA@ ca-bundle.crt $(DESTDIR)@CURL_CA_BUNDLE@; \
        fi
+3 −3
@@ -722,7 +722,7 @@ Curl_SSLConnect(struct connectdata *conn)
                    data->set.key,
                    data->set.key_type)) {
      /* failf() is already done in cert_stuff() */
      return CURLE_SSL_CONNECT_ERROR;
      return CURLE_SSL_CERTPROBLEM;
    }
  }

@@ -730,7 +730,7 @@ Curl_SSLConnect(struct connectdata *conn)
    if (!SSL_CTX_set_cipher_list(conn->ssl.ctx,
                                 data->set.ssl.cipher_list)) {
      failf(data, "failed setting cipher list");
      return CURLE_SSL_CONNECT_ERROR;
      return CURLE_SSL_CIPHER;
    }
  }

@@ -743,7 +743,7 @@ Curl_SSLConnect(struct connectdata *conn)
                                       data->set.ssl.CAfile,
                                       data->set.ssl.CApath)) {
      failf(data,"error setting cerficate verify locations");
      return CURLE_SSL_CONNECT_ERROR;
      return CURLE_SSL_CACERT;
    }
  }
  else
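Review bot: The failure path that now returns `CURLE_SSL_CACERT` reports only "error setting cerficate verify locations", without saying which file or directory was rejected, and the message misspells "certificate". With a CA bundle default compiled into the library, a user who never set a path cannot tell from this message which location failed to load. Assuming failf() takes printf-style arguments, something like `failf(data, "error setting certificate verify locations: CAfile: %s CApath: %s", data->set.ssl.CAfile ? data->set.ssl.CAfile : "none", data->set.ssl.CApath ? data->set.ssl.CApath : "none");` would make the new error code actionable. Curl_SSLConnect starts before these hunks and the trailing `else` continues past the last one.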